Scan my project

SonarLint, a core component of the Sonar solution, is a developer's first line of defense to find and fix coding issues in real time. The results of a SonarLint scan provide rich contextual guidance that helps you improve your skills and resolve issues in code more productively.

SonarLint scans your project to provide instant feedback against hundreds of language-specific rules. When running in Connected Mode with SonarQube or SonarCloud, you can benefit from additional rules that identify security vulnerabilities and security hotspots as well as take advantage of team features that help your organization work towards a Clean Code state.

Every organization has custom policies and procedures; the SonarLint analyzer offers a level of customization to help you achieve those practices.

Overview

SonarLint for VS Code will automatically analyze all open files. Scanning a full project, including unopened files, is only available in the search for Security hotspots; please see the documentation on reporting hotspots in the whole folder for the full details.

First steps

SonarLint for VS Code will only analyze open files when a file is opened or saved. It is not possible to manually trigger an analysis.

Scanning while in Connected Mode

When running in Connected Mode, SonarLint will sync with the SonarQube or SonarCloud Quality Profile to download issues and suppress those marked as safe or won’t fix on the server. The analyzer properties and rules will be respected and SonarLint will use locally what is defined on the server.

Language-specific information

C and C++ analysis

Please see the specific requirements for supported compilers and language standards described on the Running an analysis page.

Jupyter Notebooks

Jupyter Notebooks in VS Code

SonarLint for VS Code v3.16+ supports analysis of Python code inside Jupyter notebooks. When opening an .ipynb file, SonarLint analyzes the Python code and Python cells inside your Jupyter Notebooks.

There is nothing special to do to run a SonarLint analysis; simply open a Jupyter Notebook file. As with any Jupyter Notebook, you must set up your VS Code environment to run a project. The usual Quick Fix and issue investigation options you are accustomed to are available.

Managing rules

IPython Notebooks is a new rules category in the SonarLint explorer. Go to SONARLINT RULES > IPython Notebooks in the SonarLint view container to enable/disable rules, just as you would any rule for other languages.

The following rules have been disabled by default for Jupyter documents because they tend to be noisy in the notebook environment:

Connected Mode

Connected Mode will be ignored when working with Jupyter Notebooks. You will only have local analysis; this is because analysis of Jupyter Notebooks is not yet supported by SonarQube or SonarCloud.

Magic commands

All magic commands are ignored by SonarLint (for example, %matplotlib inline and %%timeit). When a line magic command is found, that line will be ignored. Similarly, when a cell magic command is found, the entire cell will be ignored. The first image below shows a normal Jupyter cell; the second image illustrates the same cell with a cell magic command. Note how SonarLint ignores issues in the cell with the magic command.

SonarLint without a cell magic command. 
SonarLint with a cell magic command. 
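
Because a cell under a cell magic command and a line holding a line magic command receive no analysis, it helps to list them before treating a notebook without reported issues as fully checked. The following is an added example, not SonarSource code: it approximates the behaviour described above by reading the .ipynb JSON, and the function name, the sample notebook, and the leading-% detection heuristic are assumptions.

```python
import json

# Constructed sample notebook (nbformat 4 layout), embedded so this runs offline.
SAMPLE_NOTEBOOK = json.dumps({
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "markdown", "source": ["# Demo"]},
        {"cell_type": "code",
         "source": ["%matplotlib inline\n", "import os\n", "print(os.getcwd())\n"]},
        {"cell_type": "code",
         "source": "%%timeit\nimport hashlib\nhashlib.sha256(b'x').hexdigest()\n"},
        {"cell_type": "code", "source": ["remainder = 7 % 2\n"]},
    ],
})


def unanalyzed_regions(notebook_json):
    """List notebook code that the magic-command rule above leaves unanalyzed.

    Returns (skipped_cells, skipped_lines):
      skipped_cells: (cell_index, magic_name, line_count) per cell-magic cell
      skipped_lines: (cell_index, line_number, text) per line-magic line
    Assumption: a magic is recognised by a leading % (line) or %% (cell, on
    the first non-blank line); SonarLint's own parser may differ in detail.
    """
    notebook = json.loads(notebook_json)
    skipped_cells, skipped_lines = [], []
    for index, cell in enumerate(notebook.get("cells", [])):
        if cell.get("cell_type") != "code":
            continue
        source = cell.get("source", "")
        # nbformat stores source either as one string or as a list of lines.
        text = "".join(source) if isinstance(source, list) else source
        lines = text.splitlines()
        first = next((ln.strip() for ln in lines if ln.strip()), "")
        if first.startswith("%%"):
            skipped_cells.append((index, first.split()[0], len(lines)))
            continue
        for number, line in enumerate(lines, start=1):
            if line.lstrip().startswith("%"):
                skipped_lines.append((index, number, line.strip()))
    return skipped_cells, skipped_lines


if __name__ == "__main__":
    cells, lines = unanalyzed_regions(SAMPLE_NOTEBOOK)
    for index, magic, count in cells:
        print(f"cell {index}: {magic} -> all {count} lines unanalyzed")
    for index, number, text in lines:
        print(f"cell {index} line {number}: {text} -> line unanalyzed")
```

Cell indexes are zero-based and count markdown cells, so they match the order of cells in the notebook file.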

Specify additional analyzer properties

It is possible to specify extra analyzer properties that will be used for analysis.

// <project>/.vscode/settings.json
{
    "sonarlint.analyzerProperties": {
        "sonar.javascript.node.maxspace": "4096"
    }
}

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, SONARCLOUD, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Creative Commons License